This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Cabextract First view 2018-07-28
Product Libmspack Last view 2018-07-28
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:cabextract:libmspack:0.6:alpha:*:*:*:*:*:* 4
cpe:2.3:a:cabextract:libmspack:0.4:alpha:*:*:*:*:*:* 4
cpe:2.3:a:cabextract:libmspack:0.0.20060920:alpha:*:*:*:*:*:* 4
cpe:2.3:a:cabextract:libmspack:0.5:alpha:*:*:*:*:*:* 4
cpe:2.3:a:cabextract:libmspack:0.3:alpha:*:*:*:*:*:* 4

Related : CVE

  Date Alert Description
8.8 2018-07-28 CVE-2018-14682

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.
8.8 2018-07-28 CVE-2018-14681

An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.
6.5 2018-07-28 CVE-2018-14680

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
6.5 2018-07-28 CVE-2018-14679

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).

CWE : Common Weakness Enumeration

%idName
50% (2) CWE-193 Off-by-one Error
25% (1) CWE-787 Out-of-bounds Write
25% (1) CWE-20 Improper Input Validation

Nessus® Vulnerability Scanner

id Description
2019-01-14 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2019-1146.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-847fe2ed61.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-a5953af115.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-cb337fb199.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-ddda173f56.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-eff94da132.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1435.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1436.nasl - Type: ACT_GATHER_INFO
2018-11-19 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-c73d257297.nasl - Type: ACT_GATHER_INFO
2018-11-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3327.nasl - Type: ACT_GATHER_INFO
2018-10-17 Name: The remote Fedora host is missing a security update.
File: fedora_2018-1fc39f2d13.nasl - Type: ACT_GATHER_INFO
2018-10-04 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_8b812395c73911e8ab5b9c5c8e75236a.nasl - Type: ACT_GATHER_INFO
2018-08-13 Name: The remote Fedora host is missing a security update.
File: fedora_2018-e1adecd46c.nasl - Type: ACT_GATHER_INFO
2018-08-07 Name: The remote Debian host is missing a security update.
File: debian_DLA-1460.nasl - Type: ACT_GATHER_INFO
2018-08-03 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4260.nasl - Type: ACT_GATHER_INFO